| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Oct 2023 09:44:37 -0700
From: Kees Cook <keescook@...omium.org>
To: Ricardo Lopes <ricardoapl.dev@...il.com>
Cc: manishc@...vell.com, GR-Linux-NIC-Dev@...vell.com, coiby.xu@...il.com,
justinstitt@...gle.com, linux-hardening@...r.kernel.org,
gregkh@...uxfoundation.org, netdev@...r.kernel.org,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] staging: qlge: Replace strncpy with strscpy
On Fri, Oct 06, 2023 at 05:12:24PM +0100, Ricardo Lopes wrote:
> Reported by checkpatch:
>
> WARNING: Prefer strscpy, strscpy_pad, or __nonstring over strncpy
Thanks for working on this! Doing these replacements needs analysis of
several issues that should be described in the commit log:
- is the destination an %NUL-terminated string? (strncpy can produce
non-%NUL-terminated strings and sometimes this is intentional.)
- is the source %NUL-terminated? (Sometimes strncpy is used when memcpy,
kmemdup_nul, or other things should be used.)
- does the destination need to be %NUL padded? (strncpy does this
padding, but it isn't always obvious if it's needed.) When padding is
needed, strscpy_pad() should be used.
>
> Signed-off-by: Ricardo Lopes <ricardoapl.dev@...il.com>
> ---
> v2: Redo changelog text
>
> drivers/staging/qlge/qlge_dbg.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/staging/qlge/qlge_dbg.c b/drivers/staging/qlge/qlge_dbg.c
> index c7e865f51..5f08a8492 100644
> --- a/drivers/staging/qlge/qlge_dbg.c
> +++ b/drivers/staging/qlge/qlge_dbg.c
> @@ -696,7 +696,7 @@ static void qlge_build_coredump_seg_header(struct mpi_coredump_segment_header *s
> seg_hdr->cookie = MPI_COREDUMP_COOKIE;
> seg_hdr->seg_num = seg_number;
> seg_hdr->seg_size = seg_size;
> - strncpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1);
> + strscpy(seg_hdr->description, desc, sizeof(seg_hdr->description));
> }
This function uses memset() for seq_hdr, so this is clearly trying
to construct a %NUL terminated destination (due to the old "- 1"
on the size). Also, padding should be redundant. All the callers of
qlge_build_coredump_seg_header() pass a const string as the last argument,
so they're all terminated. This looks like a correct replacement.
>
> /*
> @@ -737,7 +737,7 @@ int qlge_core_dump(struct qlge_adapter *qdev, struct qlge_mpi_coredump *mpi_core
> sizeof(struct mpi_coredump_global_header);
> mpi_coredump->mpi_global_header.image_size =
> sizeof(struct qlge_mpi_coredump);
> - strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
> + strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
> sizeof(mpi_coredump->mpi_global_header.id_string));
>
> /* Get generic NIC reg dump */
> @@ -1225,7 +1225,7 @@ static void qlge_gen_reg_dump(struct qlge_adapter *qdev,
> sizeof(struct mpi_coredump_global_header);
> mpi_coredump->mpi_global_header.image_size =
> sizeof(struct qlge_reg_dump);
> - strncpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
> + strscpy(mpi_coredump->mpi_global_header.id_string, "MPI Coredump",
> sizeof(mpi_coredump->mpi_global_header.id_string));
>
> /* segment 16 */
These are both trying to copy a const string, so we know the src is
terminated. Checking the related sizes:
struct mpi_coredump_global_header {
...
u8 id_string[16];
The const strings are 13 bytes with the %NUL, so they'll always fit in
the destination.
Just before these copies, the mpi_global_header is wiped:
memset(&mpi_coredump->mpi_global_header, 0,
sizeof(struct mpi_coredump_global_header));
so padding isn't a concern. This looks like a correct replacement.
Reviewed-by: Kees Cook <keescook@...omium.org>
--
Kees Cook
Powered by blists - more mailing lists